Merge pull request #1800 from lucas-clemente/tls-errors
use the TLS error codes
commit
42ea34048a
4 changed files with 37 additions and 33 deletions
4
go.mod
4
go.mod
|
@ -5,9 +5,9 @@ go 1.12
|
||||||
require (
|
require (
|
||||||
github.com/cheekybits/genny v1.0.0
|
github.com/cheekybits/genny v1.0.0
|
||||||
github.com/golang/mock v1.2.0
|
github.com/golang/mock v1.2.0
|
||||||
github.com/marten-seemann/qtls v0.1.0
|
github.com/marten-seemann/qtls v0.2.0
|
||||||
github.com/onsi/ginkgo v1.7.0
|
github.com/onsi/ginkgo v1.7.0
|
||||||
github.com/onsi/gomega v1.4.3
|
github.com/onsi/gomega v1.4.3
|
||||||
golang.org/x/crypto v0.0.0-20190225124518-7f87c0fbb88b
|
golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25
|
||||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd
|
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd
|
||||||
)
|
)
|
||||||
|
|
13
go.sum
13
go.sum
|
@ -8,22 +8,23 @@ github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM
|
||||||
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
|
||||||
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
|
github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
|
||||||
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
|
||||||
github.com/marten-seemann/qtls v0.1.0 h1:rU4tM4KsiR4uEL15U7roq5B6IzFJyQdP6po0tCN08mE=
|
github.com/marten-seemann/qtls v0.2.0 h1:SnGwbmSUjODZ3PPCG6N0GX0w30yvndyFmoNY2pbgW+s=
|
||||||
github.com/marten-seemann/qtls v0.1.0/go.mod h1:F6kuCIZ1zxAmETSSJGN/5VENU7NZBXg9zqnA6dYZrgA=
|
github.com/marten-seemann/qtls v0.2.0/go.mod h1:xzjG7avBwGGbdZ8dTGxlBnLArsVKLvwmjgmPuiQEcYk=
|
||||||
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||||
github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
|
github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
|
||||||
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
|
||||||
github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
|
github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
|
||||||
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
|
||||||
golang.org/x/crypto v0.0.0-20190225124518-7f87c0fbb88b h1:+/WWzjwW6gidDJnMKWLKLX1gxn7irUTF1fLpQovfQ5M=
|
golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25 h1:jsG6UpNLt9iAsb0S2AGW28DveNzzgmbXR+ENoPjUeIU=
|
||||||
golang.org/x/crypto v0.0.0-20190225124518-7f87c0fbb88b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
|
golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd h1:nTDtHvHSdCn1m6ITfMRqtOd/9+7a3s8RBNOZ3eYZzJA=
|
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd h1:nTDtHvHSdCn1m6ITfMRqtOd/9+7a3s8RBNOZ3eYZzJA=
|
||||||
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
|
||||||
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||||
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20190226215855-775f8194d0f9 h1:N26gncmS+iqc/W/SKhX3ElI5pkt72XYoRLgi5Z70LSc=
|
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/sys v0.0.0-20190226215855-775f8194d0f9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e h1:ZytStCyV048ZqDsWHiYDdoI2Vd4msMcrDECFxS+tL9c=
|
||||||
|
golang.org/x/sys v0.0.0-20190228124157-a34e9553db1e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||||
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
|
||||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||||
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
|
||||||
|
|
|
@ -64,11 +64,7 @@ type cryptoSetup struct {
|
||||||
|
|
||||||
handleParamsCallback func([]byte)
|
handleParamsCallback func([]byte)
|
||||||
|
|
||||||
// There are two ways that an error can occur during the handshake:
|
alertChan chan error
|
||||||
// 1. as a return value from qtls.Handshake()
|
|
||||||
// 2. when new data is passed to the crypto setup via HandleData()
|
|
||||||
// handshakeErrChan is closed when qtls.Handshake() errors
|
|
||||||
handshakeErrChan chan struct{}
|
|
||||||
// HandleData() sends errors on the messageErrChan
|
// HandleData() sends errors on the messageErrChan
|
||||||
messageErrChan chan error
|
messageErrChan chan error
|
||||||
// handshakeDone is closed as soon as the go routine running qtls.Handshake() returns
|
// handshakeDone is closed as soon as the go routine running qtls.Handshake() returns
|
||||||
|
@ -190,7 +186,7 @@ func newCryptoSetup(
|
||||||
logger: logger,
|
logger: logger,
|
||||||
perspective: perspective,
|
perspective: perspective,
|
||||||
handshakeDone: make(chan struct{}),
|
handshakeDone: make(chan struct{}),
|
||||||
handshakeErrChan: make(chan struct{}),
|
alertChan: make(chan error),
|
||||||
messageErrChan: make(chan error, 1),
|
messageErrChan: make(chan error, 1),
|
||||||
clientHelloWrittenChan: make(chan struct{}),
|
clientHelloWrittenChan: make(chan struct{}),
|
||||||
messageChan: make(chan []byte, 100),
|
messageChan: make(chan []byte, 100),
|
||||||
|
@ -215,12 +211,11 @@ func (h *cryptoSetup) ChangeConnectionID(id protocol.ConnectionID) error {
|
||||||
|
|
||||||
func (h *cryptoSetup) RunHandshake() error {
|
func (h *cryptoSetup) RunHandshake() error {
|
||||||
// Handle errors that might occur when HandleData() is called.
|
// Handle errors that might occur when HandleData() is called.
|
||||||
handshakeErrChan := make(chan error, 1)
|
|
||||||
handshakeComplete := make(chan struct{})
|
handshakeComplete := make(chan struct{})
|
||||||
go func() {
|
go func() {
|
||||||
defer close(h.handshakeDone)
|
defer close(h.handshakeDone)
|
||||||
if err := h.conn.Handshake(); err != nil {
|
if err := h.conn.Handshake(); err != nil {
|
||||||
handshakeErrChan <- err
|
h.logger.Debugf("qlts.Handshake error: %s", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
close(handshakeComplete)
|
close(handshakeComplete)
|
||||||
|
@ -230,13 +225,11 @@ func (h *cryptoSetup) RunHandshake() error {
|
||||||
case <-h.closeChan:
|
case <-h.closeChan:
|
||||||
close(h.messageChan)
|
close(h.messageChan)
|
||||||
// wait until the Handshake() go routine has returned
|
// wait until the Handshake() go routine has returned
|
||||||
<-handshakeErrChan
|
|
||||||
return errors.New("Handshake aborted")
|
return errors.New("Handshake aborted")
|
||||||
case <-handshakeComplete: // return when the handshake is done
|
case <-handshakeComplete: // return when the handshake is done
|
||||||
return nil
|
return nil
|
||||||
case err := <-handshakeErrChan:
|
case err := <-h.alertChan:
|
||||||
// if handleMessageFor{server,client} are waiting for some qtls action, make them return
|
<-h.handshakeDone
|
||||||
close(h.handshakeErrChan)
|
|
||||||
return err
|
return err
|
||||||
case err := <-h.messageErrChan:
|
case err := <-h.messageErrChan:
|
||||||
// If the handshake errored because of an error that occurred during HandleData(),
|
// If the handshake errored because of an error that occurred during HandleData(),
|
||||||
|
@ -304,25 +297,25 @@ func (h *cryptoSetup) handleMessageForServer(msgType messageType) bool {
|
||||||
select {
|
select {
|
||||||
case data := <-h.extHandler.TransportParameters():
|
case data := <-h.extHandler.TransportParameters():
|
||||||
h.handleParamsCallback(data)
|
h.handleParamsCallback(data)
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// get the handshake read key
|
// get the handshake read key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedReadKey:
|
case <-h.receivedReadKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// get the handshake write key
|
// get the handshake write key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedWriteKey:
|
case <-h.receivedWriteKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// get the 1-RTT write key
|
// get the 1-RTT write key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedWriteKey:
|
case <-h.receivedWriteKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
|
@ -333,7 +326,7 @@ func (h *cryptoSetup) handleMessageForServer(msgType messageType) bool {
|
||||||
// get the 1-RTT read key
|
// get the 1-RTT read key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedReadKey:
|
case <-h.receivedReadKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
|
@ -348,13 +341,13 @@ func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool {
|
||||||
// get the handshake write key
|
// get the handshake write key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedWriteKey:
|
case <-h.receivedWriteKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// get the handshake read key
|
// get the handshake read key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedReadKey:
|
case <-h.receivedReadKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
|
@ -362,7 +355,7 @@ func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool {
|
||||||
select {
|
select {
|
||||||
case data := <-h.extHandler.TransportParameters():
|
case data := <-h.extHandler.TransportParameters():
|
||||||
h.handleParamsCallback(data)
|
h.handleParamsCallback(data)
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return false
|
return false
|
||||||
|
@ -373,13 +366,13 @@ func (h *cryptoSetup) handleMessageForClient(msgType messageType) bool {
|
||||||
// get the 1-RTT read key
|
// get the 1-RTT read key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedReadKey:
|
case <-h.receivedReadKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
// get the handshake write key
|
// get the handshake write key
|
||||||
select {
|
select {
|
||||||
case <-h.receivedWriteKey:
|
case <-h.receivedWriteKey:
|
||||||
case <-h.handshakeErrChan:
|
case <-h.handshakeDone:
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
return true
|
return true
|
||||||
|
@ -467,6 +460,11 @@ func (h *cryptoSetup) WriteRecord(p []byte) (int, error) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (h *cryptoSetup) SendAlert(alert uint8) {
|
||||||
|
// TODO(#1567): send the correct IETF QUIC error code
|
||||||
|
h.alertChan <- fmt.Errorf("TLS alert: %d", alert)
|
||||||
|
}
|
||||||
|
|
||||||
func (h *cryptoSetup) GetSealer() (protocol.EncryptionLevel, Sealer) {
|
func (h *cryptoSetup) GetSealer() (protocol.EncryptionLevel, Sealer) {
|
||||||
if h.sealer != nil {
|
if h.sealer != nil {
|
||||||
return protocol.Encryption1RTT, h.sealer
|
return protocol.Encryption1RTT, h.sealer
|
||||||
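Review bot: `SendAlert` does a blocking send on `alertChan`, which `newCryptoSetup` creates unbuffered (`alertChan: make(chan error),`), and the only receiver visible here is the `select` in `RunHandshake`. Once that select has returned through `closeChan` or `messageErrChan`, a later alert has no reader, so the caller of `SendAlert` (presumably the qtls handshake goroutine) would block indefinitely and `handshakeDone` would never close, leaving every `handleMessageForServer`/`handleMessageForClient` wait that now keys on it stuck as well. Giving the channel one slot, `alertChan: make(chan error, 1),`, as `messageErrChan` already has, lets the alert be recorded without a reader. Separately, the `closeChan` branch keeps the comment `// wait until the Handshake() go routine has returned` although the new code no longer waits there, and a `Handshake()` error that arrives without an alert is now only logged at debug level (as `qlts.Handshake`, a typo for qtls) and never reaches `RunHandshake`'s caller; unless qtls guarantees an alert on every failure, that error should be delivered rather than dropped. These functions continue outside the visible hunks.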
|
|
|
@ -128,13 +128,18 @@ var _ = Describe("Crypto Setup TLS", func() {
|
||||||
go func() {
|
go func() {
|
||||||
defer GinkgoRecover()
|
defer GinkgoRecover()
|
||||||
err := server.RunHandshake()
|
err := server.RunHandshake()
|
||||||
Expect(err).To(HaveOccurred())
|
Expect(err).To(MatchError("TLS alert: 10"))
|
||||||
Expect(err.Error()).To(ContainSubstring("received unexpected handshake message"))
|
|
||||||
close(done)
|
close(done)
|
||||||
}()
|
}()
|
||||||
|
|
||||||
fakeCH := append([]byte{byte(typeClientHello), 0, 0, 6}, []byte("foobar")...)
|
fakeCH := append([]byte{byte(typeClientHello), 0, 0, 6}, []byte("foobar")...)
|
||||||
server.HandleMessage(fakeCH, protocol.EncryptionInitial)
|
handledMessage := make(chan struct{})
|
||||||
|
go func() {
|
||||||
|
defer GinkgoRecover()
|
||||||
|
server.HandleMessage(fakeCH, protocol.EncryptionInitial)
|
||||||
|
close(handledMessage)
|
||||||
|
}()
|
||||||
|
Eventually(handledMessage).Should(BeClosed())
|
||||||
Eventually(done).Should(BeClosed())
|
Eventually(done).Should(BeClosed())
|
||||||
})
|
})
|
||||||
|
|
||||||
|
|
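Review bot: `Expect(err).To(MatchError("TLS alert: 10"))` pins the test to a bare number inside a formatted string, so a reader cannot tell which failure is expected; a comment such as `// 10 = unexpected_message TLS alert` above the assertion would document it, and the literal will need updating once the TODO(#1567) error-code mapping in `SendAlert` is done. The commit also moves `server.HandleMessage(fakeCH, protocol.EncryptionInitial)` into its own goroutine, which suggests the call now blocks until the handshake goroutine finishes; a one-line comment saying why it cannot be called inline would save the next reader from guessing. The enclosing `It` block starts outside the hunk.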